zephyr

History

Paul Sokolovsky 42680b07af mbedtls: Switch default MBEDTLS_CFG_FILE to config-mini-tls1_2.h The previous default, "config-threadnet.h", is more or less arbitrary choice made in a commit `312def2c78` 1.5 years ago. In particular, it's not related to Thread support in Zephyr per se (there was no such support at that time). It doesn't make sense to have a default intended for a particular, not widely used (yet) protocol. Instead, the default should work out of the box with a contemporary widely deployed arrays of TLS servers, which are HTTPS server. config-mini-tls1_2.h works with https://google.com, and by extension, with many other servers on the Internet. So, have that as the default, and let applications with special needs to override that to what they need. Addresses: #6132 Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>		2018-02-15 12:35:31 -05:00
..
src	kbuild: Removed KBuild	2017-11-08 20:00:22 -05:00
CMakeLists.txt	cmake: Ported mbedTLS to use Zephyr interface libraries	2018-01-02 22:09:01 -05:00
README.rst	doc: fix board/sample broken links	2017-06-13 20:49:13 -04:00
prj.conf	mbedtls: Switch default MBEDTLS_CFG_FILE to config-mini-tls1_2.h	2018-02-15 12:35:31 -05:00
sample.yaml	samples: bluetooth and net samples need test setup	2017-12-28 20:24:29 -05:00

README.rst

.. _mbedtsl-delsserver-sample:

mbedTLS DTLS sample server
############################

Overview
********
This sample code shows a simple DTLS server using mbedTLS on top of Zephyr.

Building and Running
********************

Follow the steps for testing :ref:`networking_with_qemu`.

In the application directory type:

.. code-block:: console

   $make run

.. code-block:: console

   . Seeding the random number generator... ok
   . Setting up the DTLS structure... ok
   . Setting connection
   ok
   . Setting up ecjpake password ... ok
   . Performing the TLS handshake...

In another terminal window, obtain the mbed TLS code from:
https://tls.mbed.org/download-archive
and put it in a well known directory on your Linux machine, this will be your
client. (We're using version 2.3.0 for this example.)

Move to that directory and compile the mbedTLS on your host machine

.. code-block:: console

   tar -xvzf mbedtls-2.3.0-apache.tgz
   cd mbedtls-2.3.0
   CFLAGS="-I$PWD/configs -DMBEDTLS_CONFIG_FILE='<config-thread.h>'" make

   ./programs/ssl/ssl_client2 server_addr=192.0.2.1 dtls=1 ecjpake_pw=passwd

You will get the following output:

.. code-block:: console

   . Seeding the random number generator... ok
   . Connecting to udp/192.0.2.1/4433... ok
   . Setting up the SSL/TLS structure... ok
   . Performing the SSL/TLS handshake... ok
   [ Protocol is DTLSv1.2 ]
   [ Ciphersuite is TLS-ECJPAKE-WITH-AES-128-CCM-8 ]
   [ Record expansion is 29 ]
   [ Maximum fragment length is 16384 ]
   > Write to server: 34 bytes written in 1 fragments

   GET / HTTP/1.0
   Extra-header:


   < Read from server: 34 bytes read

   GET / HTTP/1.0
   Extra-header:

   . Closing the connection... done

From the app directory type the screen should display

.. code-block:: console

   . Performing the TLS handshake... hello verification requested
   . Setting up ecjpake password ... ok
   . Performing the TLS handshake... ok
   < Read from client: 34 bytes read

   GET / HTTP/1.0
   Extra-header:


   > Write to client: 34 bytes written

   GET / HTTP/1.0
   Extra-header:

   < Read from client: connection was closed gracefully
   . Closing the connection... done
   . Setting up ecjpake password ... ok
   . Performing the TLS handshake...

If trying to use IPv6 edit the file prj_qemu_x86.conf and change the line from
CONFIG_NET_IPV6=n to CONFIG_NET_IPV6=y

And run the client on mbedTLS as

.. code-block:: console

   ./programs/ssl/ssl_client2 server_addr=2001:db8::1 dtls=1 ecjpake_pw=passwd

If the server does not receive the  messages, restart the app and try to connect
the client again.

References
**********

* https://tls.mbed.org/